Install and configure the Active Directory Certificate Services server role as a Standalone Root CA.

Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA.

Purchase a certificate from a third-party certification authority, Install and configure the Active Directory Certificate Services server role as a Standalone Subordinate CA.

Purchase a certificate from a third-party certification authority, Import the certificate into the computer store of the schema master.

Correct Answer: B

QUESTION 82

You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates. You grant the Account Operators group the Issue and Manage Certificates permission on the CA. Which three tasks should you perform next? (Each correct answer presents part of the solution.

Remove all unnecessary certificate templates that are assigned to the Account Operators group.

Correct Answer: BCE

QUESTION 83

Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do?

Renew the Certificate Revocation List (CRL) on the root CA. Copy the CRL to the CertEnroll folder on the issuing CA.

Renew the Certificate Revocation List (CRL) on the issuing CA, Copy the CRL to the SysternCertificates folder in the users’ profile.

Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

Correct Answer: A

QUESTION 84

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do?

Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.

Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.

Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.

Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

Correct Answer: B

QUESTION 85

Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates. You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%SYSVOLdomainPoliciesPolicyDefinitionsFR. You need to ensure that the French-language version of the templates is available. What should you do?

Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.

Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

Correct Answer: B

QUESTION 86

A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails. You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?

Prestage the computer account in the Active Directory domain.

Add the user to the Domain Administrators group for one day.

Add the user to the Server Operators group in the Active Directory domain.

Grant the user the right to log on locally by using a Group Policy Object (GPO).

Correct Answer: A

QUESTION 87

The default domain GPO in your company is configured by using the following account policy settings:

Minimum password length: 8 characters

Maximum password age: 30 days

Enforce password history: 12 passwords remembered

Account lockout threshold: 3 invalid logon attem
pts

Account lockout duration: 30 minutes

You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Reset the password of the SQLSrv user account.

Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user account.

Configure the properties of the SQLSrv account to Password never expires.

Configure the properties of the SQLSrv account to User cannot change password.

Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the Allow logon locally user right.

Correct Answer: AC

QUESTION 88

Your company has two Active Directory forests named Forest1 and Forest2, The forest functional level and the domain functional level of Forest1 are set to Windows Server 2008. The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003. You need to set up a transitive forest trust between Forest1 and Forest2, What should you do first?

Your company has an Active Directory forest that contains two domains. The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long. You need to decrease the amount of time it takes for the branch office users to logon. What should you do?

Configure DC1 as a Global Catalog server.

Configure DC1 as a bridgehead server for the branch office site.

Decrease the replication interval on the site link that connects the branch office to the corporate network.

Increase the replication interval on the site link that connects the branch office to the corporate network.

Correct Answer: A

QUESTION 90

Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link. You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. What should you do?